Solved

Preventing user from connecting other than through VPN

Posted on 2006-11-21
Last Modified: 2008-02-01
I have a Virtual Machine (VM) with a VPN connection. I double click the icon on the desktop to connect. After that I go out under the VPN's IP. When I am not connected I go out under my IP (Verizon DSL).

What I want is to prevent the ability to go out to the internet from this VM except under VPN. That is, if someone forgets to "dial in" and tries to open IE or another application, he gets an error.

"other application" = "any program accessing the Internet". ICQ, FTP client, whatever.
Question by:SergiyK

Expert Comment

by:Rob Williams
ID: 17990811
One option: Statically assigning the remote VPN site's local DNS server as the only DNS server, in the TCP/IP DNS properties of the connecting VM, will restrict access, unless they try to do so by IP. If you do so, your VPN will have to connect by IP or have a manual entry in the Hosts file for the domain name to which it is connecting, since it will not be able to resolve DNS names until the VPN is connected.

Author Comment

by:SergiyK
ID: 17995424
I do not know what the remote site's DNS server is. How do I find out?

Expert Comment

by:Rob Williams
ID: 17995498
That is a good question :-)  Usually you would have some involvement in the management of the remote site and know that. Can you contact someone at that site and ask them at a command line to run   ipconfig  /all    this will return its DNS configuration. If not, let us know what type of VPN connection you have or client you are using and you may be able to retrieve it. You may already have it on the local machine. You could run ipconfig  /all on the local machine while the VPN is connected, and check next to DNS for an IP starting with 192.168.x.x, 10.x.x.x or 172.16-31.x.x  Then make sure it is not part of your local network.
You could also try, while connected to the VPN, using    nslookup  RemoteDomainName.abc  if you know the domain name.
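
The check described in the comment above, as an added example that is not part of the original thread: it parses `ipconfig /all` text captured while the VPN is connected and returns the DNS servers on the PPP adapter that are private (RFC 1918) and outside the local LAN subnet. The sample output, the adapter name `CorpVPN` and all addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FIELD = re.compile(r"^\s+(.+?)[\s.]*:\s*(.*)$")  # matches "   Label . . . : value"

# Constructed sample of `ipconfig /all` output; every name and address is made up.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.44
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        DNS Servers . . . . . . . . . . . : 192.168.1.1

PPP adapter CorpVPN:

        IP Address. . . . . . . . . . . . : 192.168.5.120
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        DNS Servers . . . . . . . . . . . : 192.168.5.10
                                            203.0.113.53
"""

def parse_ipconfig(text):
    """Return {adapter name: {"ip", "mask", "dns"}} from `ipconfig /all` text."""
    adapters, cur, key = {}, None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if not line[0].isspace() and line.endswith(":"):  # adapter header line
            cur, key = adapters.setdefault(line[:-1], {"ip": None, "mask": None, "dns": []}), None
        elif cur is not None and (m := FIELD.match(line)):
            key, val = m.group(1), m.group(2)
            if key in ("IP Address", "Subnet Mask"):
                cur["ip" if key == "IP Address" else "mask"] = val
            elif key == "DNS Servers" and val:
                cur["dns"].append(val)
        elif cur is not None and key == "DNS Servers":  # further servers sit on bare lines
            cur["dns"].append(line.strip())
    return adapters

def vpn_dns_candidates(adapters):
    """DNS servers on PPP (VPN) adapters that are RFC 1918 and not inside any LAN subnet."""
    lans = [ipaddress.ip_network(f"{a['ip']}/{a['mask']}", strict=False)
            for name, a in adapters.items()
            if not name.startswith("PPP") and a["ip"] and a["mask"]]
    return [d for name, a in adapters.items() if name.startswith("PPP") for d in a["dns"]
            if any(ipaddress.ip_address(d) in n for n in RFC1918)
            and not any(ipaddress.ip_address(d) in lan for lan in lans)]

if __name__ == "__main__":
    print(vpn_dns_candidates(parse_ipconfig(SAMPLE)))
```
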

Author Comment

by:SergiyK
ID: 17995645
I am using a regular VPN :) I set it up like this:


New Connection ->
Connect ... at workplace -->
V.P.N. ->
Company name = *** -->
Do not dial initial connection -->
IP = **.**.***.***

Then I hit connect, enter user name and password and I am there.

Ipconfig did not really work...

C:\Documents and Settings>ipconfig
Windows IP Configuration
An internal error occurred: Incorrect function.
Please contact Microsoft Product Support Services for further help.
Additional information: Unknown media status code.

Author Comment

by:SergiyK
ID: 17996066
Ok, Ipconfig worked now:


Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : *****.******.com
        IP Address. . . . . . . . . . . . : 192.168.*.**
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.*.*

PPP adapter Bagalya:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.*.***
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 192.168.*.***

Expert Comment

by:Rob Williams
ID: 17999352
You need to use:   ipconfig /all    to get the DNS servers. But it may not help. The one you want should be displayed under the PPP adapter's configuration.

Do you have a domain at your end, or might *****.******.com be the domain name at the remote end? If so try, when the VPN is connected entering;
nslookup   *****.******.com
and it should return the IP of the remote DNS server.

Author Comment

by:SergiyK
ID: 18015802
C:\Documents and Settings>nslookup myhome.westell.com
Server:  dslrouter
Address:  192.168.1.1

Name:    myhome.westell.com
---

This is my router's IP address...

By the way, can I set up the router for this VM so that traffic of this particular VM can go only from one IP (VPN)?


Accepted Solution

by:
Rob Williams earned 500 total points
ID: 18019348
>>"can I set up the router for this VM so that traffic of this particular VM can go only from one IP (VPN)?"
Not familiar with your modem/router, but as a rule on simple units like the Westells, you can control what IPs are allowed outgoing connections, but not where they go. Where the VPN is a virtual connection I doubt you can block it in that way.

>>"Server:  dslrouter"
As mentioned, that is the router. You need the corporate DNS server's IP.
Do you know the name of any computers or servers at the corporate site, even if by checking drive mappings? If so, using nslookup as suggested earlier should return the computer's IP but also the IP of the DNS server that resolved the name. This of course has to be done while the VPN is connected.
nslookup  RemoteDomainName.abc  